Skip to content

Commit a58fbe7

Browse files
jfaurskovjfaurskov
authored
Merge branch 'Azure:main' into main
2 parents 9919034 + 947d508 commit a58fbe7

File tree

13 files changed

+363
-5
lines changed

13 files changed

+363
-5
lines changed

docs/reference/treyresearch/armTemplates/auxiliary/hubspoke-connectivity.json

Lines changed: 85 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -107,6 +107,10 @@
107107
"type": "string",
108108
"defaultValue": ""
109109
},
110+
"enableVpnActiveActive": {
111+
"type": "string",
112+
"defaultValue": ""
113+
},
110114
"gwAzSku": {
111115
"type": "string",
112116
"defaultValue": ""
@@ -147,10 +151,12 @@
147151
"azFwPolicyName": "[concat(parameters('topLevelManagementGroupPrefix'), '-azfwpolicy-', parameters('location'))]",
148152
"hubName": "[concat(parameters('topLevelManagementGroupPrefix'), '-hub-', parameters('location'))]",
149153
"azVpnGwIpName": "[concat(variables('vpngwname'), '-pip')]",
154+
"azVpnGwAAIpName": "[concat(variables('vpngwname'), '-pip-002')]",
150155
"azVpnGwSubnetId": "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables('rgName'),'/providers/Microsoft.Network/virtualNetworks/', variables('hubname'), '/subnets/GatewaySubnet')]",
151156
"azFwName": "[concat(parameters('topLevelManagementGroupPrefix'), '-fw-', parameters('location'))]",
152157
"azErGwIpName": "[concat(variables('erGwName'), '-pip')]",
153158
"azVpnGwPipId": "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables('rgName'), '/providers/Microsoft.Network/publicIPAddresses/', variables('azVpnGwIpName'))]",
159+
"azVpnGwAAPipId": "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables('rgName'), '/providers/Microsoft.Network/publicIPAddresses/', variables('azVpnGwAAIpName'))]",
154160
"azFwIpName": "[concat(variables('azFwName'), '-pip')]",
155161
"azErGwSubnetId": "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables('rgName'),'/providers/Microsoft.Network/virtualNetworks/', variables('hubname'), '/subnets/GatewaySubnet')]",
156162
"azErGwPipId": "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables('rgName'), '/providers/Microsoft.Network/publicIPAddresses/', variables('azErGwIpName'))]",
@@ -347,7 +353,20 @@
347353
}
348354
},
349355
{
350-
"condition": "[and(equals(parameters('enableVpnGw'), 'Yes'), not(empty(parameters('subnetMaskForGw'))))]",
356+
"condition": "[and(equals(parameters('enableVpnGw'), 'Yes'), equals(parameters('enableVpnActiveActive'),'Yes'), not(empty(parameters('subnetMaskForGw'))))]",
357+
"apiVersion": "2020-05-01",
358+
"type": "Microsoft.Network/publicIpAddresses",
359+
"location": "[parameters('location')]",
360+
"name": "[variables('azVpnGwAAIpName')]",
361+
"sku": {
362+
"name": "[if(equals(parameters('gwRegionalOrAz'), 'Zone'), 'Standard', 'Basic')]"
363+
},
364+
"properties": {
365+
"publicIPAllocationMethod": "[if(equals(parameters('gwRegionalOrAz'), 'Zone'), 'Static', 'Dynamic')]"
366+
}
367+
},
368+
{
369+
"condition": "[and(equals(parameters('enableVpnGw'), 'Yes'), equals(parameters('enableVpnActiveActive'),'No'), not(empty(parameters('subnetMaskForGw'))))]",
351370
"apiVersion": "2020-05-01",
352371
"name": "[variables('vpngwname')]",
353372
"type": "Microsoft.Network/virtualNetworkGateways",
@@ -357,6 +376,7 @@
357376
"[concat('Microsoft.Network/virtualNetworks/', variables('hubName'))]"
358377
],
359378
"properties": {
379+
"activeActive": false,
360380
"gatewayType": "Vpn",
361381
"vpnGatewayGeneration": "Generation2",
362382
"vpnType": "[parameters('vpnGwType')]",
@@ -396,6 +416,70 @@
396416
}
397417
}
398418
},
419+
{
420+
"condition": "[and(equals(parameters('enableVpnGw'), 'Yes'), equals(parameters('enableVpnActiveActive'),'Yes'), not(empty(parameters('subnetMaskForGw'))))]",
421+
"apiVersion": "2020-05-01",
422+
"name": "[variables('vpngwname')]",
423+
"type": "Microsoft.Network/virtualNetworkGateways",
424+
"location": "[parameters('location')]",
425+
"dependsOn": [
426+
"[concat('Microsoft.Network/publicIPAddresses/', variables('azVpnGwIpName'))]",
427+
"[concat('Microsoft.Network/publicIPAddresses/', variables('azVpnGwAAIpName'))]",
428+
"[concat('Microsoft.Network/virtualNetworks/', variables('hubName'))]"
429+
],
430+
"properties": {
431+
"activeActive": true,
432+
"gatewayType": "Vpn",
433+
"vpnGatewayGeneration": "Generation2",
434+
"vpnType": "[parameters('vpnGwType')]",
435+
"ipConfigurations": [
436+
{
437+
"name": "default",
438+
"properties": {
439+
"privateIPAllocationMethod": "Dynamic",
440+
"subnet": {
441+
"id": "[variables('azVpnGwSubnetId')]"
442+
},
443+
"publicIpAddress": {
444+
"id": "[variables('azVpnGwPipId')]"
445+
}
446+
}
447+
},
448+
{
449+
"name": "activeactive",
450+
"properties": {
451+
"privateIPAllocationMethod": "Dynamic",
452+
"subnet": {
453+
"id": "[variables('azVpnGwSubnetId')]"
454+
},
455+
"publicIpAddress": {
456+
"id": "[variables('azVpnGwAAPipId')]"
457+
}
458+
}
459+
}
460+
],
461+
"sku": {
462+
"name": "[if(
463+
and(
464+
or(
465+
empty(parameters('gwRegionalSku')),
466+
empty(parameters('gwAzSku'))),
467+
not(
468+
empty(parameters('gwRegionalSku')))),
469+
parameters('gwRegionalSku'),
470+
parameters('gwAzSku'))]",
471+
"tier": "[if(
472+
and(
473+
or(
474+
empty(parameters('gwRegionalSku')),
475+
empty(parameters('gwAzSku'))),
476+
not(
477+
empty(parameters('gwRegionalSku')))),
478+
parameters('gwRegionalSku'),
479+
parameters('gwAzSku'))]"
480+
}
481+
}
482+
},
399483
{
400484
"condition": "[and(equals(parameters('enableErGw'), 'Yes'), not(empty(parameters('subnetMaskForGw'))))]",
401485
"apiVersion": "2020-05-01",

docs/reference/treyresearch/armTemplates/es-lite.json

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -350,6 +350,14 @@
350350
"type": "string",
351351
"defaultValue": ""
352352
},
353+
"enableVpnActiveActive": {
354+
"type": "string",
355+
"defaultValue": "No",
356+
"allowedValues": [
357+
"Yes",
358+
"No"
359+
]
360+
},
353361
"gwAzSku": {
354362
"type": "string",
355363
"defaultValue": ""
@@ -825,6 +833,9 @@
825833
"gwRegionalOrAz": {
826834
"value": "[parameters('gwRegionalOrAz')]"
827835
},
836+
"enableVpnActiveActive": {
837+
"value": "[parameters('enableVpnActiveActive')]"
838+
},
828839
"gwAzSku": {
829840
"value": "[parameters('gwAzSku')]"
830841
},

docs/reference/treyresearch/armTemplates/es-portal.json

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -549,6 +549,26 @@
549549
]
550550
}
551551
},
552+
{
553+
"name": "enableVpnActiveActive",
554+
"type": "Microsoft.Common.OptionsGroup",
555+
"label": "Deploy VPN Gateway in Active/Active mode",
556+
"defaultValue": "No",
557+
"visible": "[and(equals(steps('connectivity').enableVpnGw,'Yes'), not(equals(steps('connectivity').enableHub, 'vwan')), equals(steps('connectivity').enableVpnGw,'Yes'))]",
558+
"toolTip": "Deploy the VPN gateway in Active/Active mode",
559+
"constraints": {
560+
"allowedValues": [
561+
{
562+
"label": "Yes",
563+
"value": "Yes"
564+
},
565+
{
566+
"label": "No",
567+
"value": "No"
568+
}
569+
]
570+
}
571+
},
552572
{
553573
"name": "esGwNoAzSku",
554574
"type": "Microsoft.Common.DropDown",
@@ -1254,6 +1274,7 @@
12541274
"vpnOrErZones": "[steps('esConnectivityGoalState').esGwRegionalOrAz]",
12551275
"firewallZones": "[steps('esConnectivityGoalState').esFwAz]",
12561276
"gwRegionalOrAz": "[steps('esConnectivityGoalState').esGwRegionalOrAz]",
1277+
"enableVpnActiveActive": "[steps('esConnectivityGoalState').enableVpnActiveActive]",
12571278
"gwAzSku": "[steps('esConnectivityGoalState').esGwAzSku]",
12581279
"gwRegionalSku": "[if(empty(steps('esConnectivityGoalState').esGwRegionalSku), steps('esConnectivityGoalState').esGwNoAzSku, steps('esConnectivityGoalState').esGwRegionalSku)]",
12591280
"erRegionalOrAz": "[steps('esConnectivityGoalState').esErRegionalOrAz]",

docs/reference/treyresearch/armTemplates/portal-es-lite.json

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -540,6 +540,26 @@
540540
]
541541
}
542542
},
543+
{
544+
"name": "enableVpnActiveActive",
545+
"type": "Microsoft.Common.OptionsGroup",
546+
"label": "Deploy VPN Gateway in Active/Active mode",
547+
"defaultValue": "No",
548+
"visible": "[and(equals(steps('connectivity').enableVpnGw,'Yes'), not(equals(steps('connectivity').enableHub, 'vwan')), equals(steps('connectivity').enableVpnGw,'Yes'))]",
549+
"toolTip": "Deploy the VPN gateway in Active/Active mode",
550+
"constraints": {
551+
"allowedValues": [
552+
{
553+
"label": "Yes",
554+
"value": "Yes"
555+
},
556+
{
557+
"label": "No",
558+
"value": "No"
559+
}
560+
]
561+
}
562+
},
543563
{
544564
"name": "esGwNoAzSku",
545565
"type": "Microsoft.Common.DropDown",
@@ -1243,6 +1263,7 @@
12431263
"vpnOrErZones": "[steps('esConnectivityGoalState').esGwRegionalOrAz]",
12441264
"firewallZones": "[steps('esConnectivityGoalState').esFwAz]",
12451265
"gwRegionalOrAz": "[steps('esConnectivityGoalState').esGwRegionalOrAz]",
1266+
"enableVpnActiveActive": "[steps('esConnectivityGoalState').enableVpnActiveActive]",
12461267
"gwAzSku": "[steps('esConnectivityGoalState').esGwAzSku]",
12471268
"gwRegionalSku": "[if(empty(steps('esConnectivityGoalState').esGwRegionalSku), steps('esConnectivityGoalState').esGwNoAzSku, steps('esConnectivityGoalState').esGwRegionalSku)]",
12481269
"erRegionalOrAz": "[steps('esConnectivityGoalState').esErRegionalOrAz]",

docs/wiki/Deploying-ALZ-BasicSetup.md

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -160,14 +160,16 @@ On the *Network topology and connectivity* blade you will configure your core ne
160160

161161
Set **Deploy VPN Gateway** to **Yes**:
162162

163-
![networkTab-topology](./media/clip_image036b-2-singlesubscription.png)
163+
![networkTab-topology](./media/ActiveActive.png)
164164

165165
- **Deploy zone redundant or regional VPN Gateway** and **Deploy zone redundant or regional ExpressRoute Gateway**: Zone-redundant gateways are recommended and enabled by default (as per the capabilities of the Region you are deploying your hub virtual network) as they provide higher resiliency and availability. You might opt for a regional deployment depending on your availability requirements and budget. In this tutorial you will deploy a zone-redundant VPN Gateway:
166166

167167
Select **Zone redundant (recommended)**.
168168

169169
![networkTab-gwDeploy](./media/clip_image036b-3-singlesubscription.png)
170170

171+
- **Deploy VPN Gateway in Active/Active mode**: You can create an Azure VPN gateway in an active-active configuration, where both instances of the gateway VMs establish S2S VPN tunnels to your on-premises VPN device. In this configuration, each Azure gateway instance has a unique public IP address, and each will establish an IPsec/IKE S2S VPN tunnel to your on-premises VPN device specified in your local network gateway and connection. See [Active-active VPN gateways](https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable#active-active-vpn-gateways).
172+
171173
- **Select the VPN Gateway SKU** and **Select the ExpressRoute Gateway VPN**: choose the right SKU based on your requirements (capabilities, throughput and availability). See [VPN Gateway SKUs](https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsku) and [ExpressRoute Gateway SKUs](https://learn.microsoft.com/en-us/azure/expressroute/expressroute-about-virtual-network-gateways#gwsku) for further details on the virtual gateway's SKUs you have available in Azure. In this tutorial you will deploy a VpnGw2AZ which provides an aggregated throughput of up to 1 Gbps:
172174

173175
![networkTab-gwSku](./media/clip_image036b-4-singlesubscription.png)

docs/wiki/Whats-new.md

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -64,9 +64,13 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones:
6464
- Deploy-VM-Monitoring (Management Group: Intermediate Root)
6565
- Deploy-VMSS-Monitoring (Management Group: Intermediate Root)
6666

67+
#### Tooling
68+
69+
- Enhanced the ALZ Portal Accelerator to provide the ability to deploy the Azure VPN Gateway in Active/Active mode as per feedback from [#655](https://github.com/Azure/Enterprise-Scale/issues/655).
70+
6771
#### Other
6872

69-
- [Azure Landing Zone External Community Call - September 2023 - Hosted & Published](https://github.com/Azure/Enterprise-Scale/wiki/Community-Calls#25th-september-2023-25092023))
73+
- [Azure Landing Zone External Community Call - September 2023 - Hosted & Published](https://github.com/Azure/Enterprise-Scale/wiki/Community-Calls#25th-september-2023-25092023)
7074

7175
### August 2023
7276

docs/wiki/media/ActiveActive.png

17.5 KB
Loading

eslzArm/eslz-portal.json

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1186,6 +1186,26 @@
11861186
]
11871187
}
11881188
},
1189+
{
1190+
"name": "enableVpnActiveActive",
1191+
"type": "Microsoft.Common.OptionsGroup",
1192+
"label": "Deploy VPN Gateway in Active/Active mode",
1193+
"defaultValue": "No",
1194+
"visible": "[and(equals(steps('connectivity').enableVpnGw,'Yes'), not(equals(steps('connectivity').enableHub, 'vwan')), equals(steps('connectivity').enableVpnGw,'Yes'))]",
1195+
"toolTip": "Deploy the VPN gateway in Active/Active mode",
1196+
"constraints": {
1197+
"allowedValues": [
1198+
{
1199+
"label": "Yes",
1200+
"value": "Yes"
1201+
},
1202+
{
1203+
"label": "No",
1204+
"value": "No"
1205+
}
1206+
]
1207+
}
1208+
},
11891209
{
11901210
"name": "esGwNoAzSku",
11911211
"type": "Microsoft.Common.DropDown",
@@ -2958,6 +2978,7 @@
29582978
"enablePrivateDnsZones": "[steps('connectivity').enablePrivateDnsZones]",
29592979
"enableVpnGw": "[steps('connectivity').enableVpnGw]",
29602980
"gwRegionalOrAz": "[steps('connectivity').gwRegionalOrAz]",
2981+
"enableVpnActiveActive": "[steps('connectivity').enableVpnActiveActive]",
29612982
"gwRegionalSku": "[coalesce(steps('connectivity').gwRegionalSku, steps('connectivity').esGwNoAzSku)]",
29622983
"gwAzSku": "[steps('connectivity').gwAzSku]",
29632984
"vpnGateWayScaleUnit": "[steps('connectivity').vpnGateWayScaleUnit]",

0 commit comments

Comments
 (0)